4188 matches found
oCERT Releases Advisory for Unpatched UnZip Vulnerability
The Open Source Computer Security Incident Response Team oCERT has released an advisory addressing vulnerabilities in all versions of UnZip. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system if a user opens a specially crafted zip file. US-CER...
Microsoft Releases December 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Exchange, Windows, Internet Explorer, and Office as part of the Microsoft Security Bulletin Summary for December 2014. Some of these vulnerabilities could allow elevation of privilege, remote code execution, or disclosure of information...
Google Releases Security Updates for Chrome and Chrome OS
Google has released security updates to address multiple vulnerabilities in Chrome and Chrome OS, one of which could potentially allow an attacker to take control of the affected system. Updates available include: Chrome 38.0.2125.104 for Windows, Mac and Linux Chrome OS 38.0.2125.108 for all...
Google Releases Google Chrome 30.0.1599.101
Google has released Google Chrome 30.0.1599.101 for Windows, Mac, Linux and Chrome Frame operating systems to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial-of-service condition or trigger multiple conflicting uses of the same object. US-CE...
Google Releases Google Chrome 29.0.1547.57
Google has released Google Chrome 29.0.1547.57 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service condition, conduct a directory traversal attack, or obtain sensitive information. US-CERT...
Cisco Releases Multiple Security Advisories
Cisco has released three security advisories to address multiple vulnerabilities. These vulnerabilities may allow an attacker to take control of the affected system or allow an authenticated but unprivileged, remote attacker to execute arbitrary code on a vulnerable system and on devices managed ...
Cisco Releases Multiple Security Advisories
Cisco has released three security advisories to address vulnerabilities affecting the following products: Cisco ASA 5500 Series Adaptive Security Appliances ASA Cisco Catalyst 6500 Series ASA Service Module ASASM Cisco Catalyst 6500 Series Firewall Service Module FWSM Cisco Adaptive Security...
Cisco Releases Multiple Security Advisories
Cisco has released six security advisories to address vulnerabilities affecting the following products: Cius Wifi devices running Cius Software Version 9.21 SR1 and prior Cisco Unified Communications Manager Software versions 6.x, 7.x, and 8.x Cisco Business Edition 3000, 5000, and 6000 Cisco Uni...
USAA Phishing Scam and Malware Campaign
US-CERT is aware of public reports of an active spear-phishing attack via email messages directed at United Services Automobile Association USAA members. These messages contain the subject line "Deposit Posted" and contain a randomly generated four-digit number placed in the USAA security zone...
Microsoft Windows .LNK Vulnerability
US-CERT is aware of a vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for .LNK files. Microsoft uses .LNK files, commonly referred to as "shortcuts," as references to files or applications. By convincing a user to...
Oracle Releases Critical Patch Update for Java SE and Java for Business
Oracle has released a critical patch update to address 27 vulnerabilities in Java SE and Java for Business. These vulnerabilities are in the following components: ImageIO, Java 2D, Java Runtime Environment, Java Web Start, Pack200, Sound, JSSE, and HotSpot Server. US-CERT encourages users and...
Adobe Releases a Security Update for Download Manager
Adobe has released a security bulletin to address a vulnerability in the Adobe Download Manager. This vulnerability could allow an attacker to download and install unauthorized software. US-CERT encourages users and administrators to review security bulletin APSB10-08 and review the steps to...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2022-0492link is external Linux Kernel Improper Authentication Vulnerability CVE-2025-48595link is external Android Framework Integer Overflow Vulnerability The...
CISA Adds Six Known Exploited Vulnerabilities to Catalog
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-21510link is external Microsoft Windows Shell Protection Mechanism Failure Vulnerability CVE-2026-21513link is external Microsoft MSHTML Framework Security...
CISA Releases Ten Industrial Control Systems Advisories
CISA released ten Industrial Control Systems ICS advisories on August 7, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-219-01 Delta Electronics DIAView ICSA-25-219-02 Johnson Controls FX80 and FX90...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-23006link is external SonicWall SMA1000 Appliances Deserialization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber...
Ivanti Releases Security Update for Cloud Services Appliance
Ivanti has released a security update addressing an OS command injection vulnerability CVE-2024-8190 affecting Ivanti Cloud Services Appliance CSA 4.6 all versions before patch 519. A cyber threat actor could exploit this vulnerability to take control of an affected system. At this time, Ivanti h...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2012-4792 Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2024-39891 Twilio Authy Information Disclosure Vulnerability These types of vulnerabilities a...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-23692 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability CVE-2024-38080 Microsoft Windows Hyper-V...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-30051 Microsoft DWM Core Library Privilege Escalation Vulnerability CVE-2024-30040 Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability Thes...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-23222 Apple Multiple Products Type Confusion Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...
Atlassian Releases Security Updates for Multiple Products
Atlassian released a security advisory to address a vulnerability CVE-2023-22527 in out-of-date versions of Confluence Data Center and Server as well as its January 2024 security bulletin to address vulnerabilities in multiple products. A malicious cyber actor could exploit one of these...
Cisco Releases Security Advisory for Cisco Unity Connection
Cisco released a security advisory to address a vulnerability CVE-2024-20272 in Cisco Unity Connection. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Cisco Unity Connection Unauthenticated...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-21887 Ivanti Connect Secure and Policy Secure Command Injection Vulnerability CVE-2023-46805 Ivanti Connect Secure and Policy Secure Authentication Bypass...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-20198 Cisco IOS XE Web UI Privilege Escalation Vulnerabilitylink is external These types of vulnerabilities are frequent attack vectors for malicious cyber actor...
CISA Adds Two Known Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-41064 Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow CVE-2023-41061 Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability These types of...
VMware Releases Security Updates for VMware vRealize Log Insight
VMware released security updates to address multiple vulnerabilities in VMware vRealize Log Insight. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0001 and apply th...
Fortinet Releases Security Updates for FortiADC
Fortinet has released a security advisory to address a vulnerability in multiple versions of FortiADC. This vulnerability may allow a remote attacker “to execute unauthorized code or commands via specifically crafted HTTP requests.” CISA encourages users and administrators to review Fortinet...
CISA Upgrades to TLP 2.0
Today, CISA officially upgraded to Traffic Light Protocol TLP 2.0, which facilitates greater information sharing and collaboration. CISA made this upgrade in accordance with the recommendation from the Forum of Incident Response and Security Teams to upgrade to TLP 2.0 by January 2023. Key TLP 2....
Preparing Critical Infrastructure for Post-Quantum Cryptography
CISA has released CISA Insights: Preparing Critical Infrastructure for Post-Quantum Cryptography, which outlines the actions that critical infrastructure stakeholders should take now to prepare for their future migration to the post-quantum cryptographic standard that the National Institute of...
CISA released Security Advisory on MiCODUS MV720 Global Positioning System (GPS) Tracker
CISA has released an Industrial Controls Systems Advisory ICSA detailing six vulnerabilities that were discovered in MiCODUS MV720 Global Positioning System Tracker. Successful exploitation of these vulnerabilities may allow a remote actor to exploit access and gain control the global positioning...
2022 CWE Top 25 Most Dangerous Software Weaknesses
The Homeland Security Systems Engineering and Development Institute, sponsored by CISA and operated by MITRE, has released the 2022 Common Weakness Enumeration CWE Top 25 Most Dangerous Software Weaknesses list. The list uses data from the National Vulnerability Database to compile the most...
SAP Releases June 2022 Security Updates
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review SAP Security Patch Day – June 2022 and apply the necessary...
CISA Releases Security Advisory on Dominion Voting Systems Democracy Suite ImageCast X
CISA has released an Industrial Controls Systems Advisory ICSA detailing vulnerabilities affecting versions of the Dominion Voting Systems Democracy Suite ImageCast X, which is an in-person voting system used to allow voters to mark their ballot. Exploitation of these vulnerabilities would requir...
VMware Releases Security Updates
VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory Advisories VMSA-2022-0011 and...
VMware Releases Security Updates
VMware has released security updates to address multiple vulnerabilities in VMware Carbon Black App Control software. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory...
Mozilla Releases Security Updates for Firefox and Firefox ESR
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisories for Firefox 98 and Firefox...
Iranian Government-Sponsored MuddyWater Actors Conducting Malicious Cyber Operations
CISA, the Federal Bureau of Investigation FBI, U.S. Cyber Command Cyber National Mission Force CNMF, the United Kingdom’s National Cyber Security Centre NCSC-UK, and the National Security Agency NSA have issued a joint Cybersecurity Advisory CSA detailing malicious cyber operations by Iranian...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...
CISA and NSA Release Kubernetes Hardening Guidance
The National Security Agency NSA and CISA have released Kubernetes Hardening Guidance, a cybersecurity technical report detailing the complexities of securely managing Kubernetes—an open-source, container-orchestration system used to automate deploying, scaling, and managing containerized...
NSA Releases Guidance on Securing Wireless Devices While in Public
The National Security Agency NSA has released an information sheet with guidance on securing wireless devices while in public for National Security System, Department of Defense, and Defense Industrial Base teleworkers, as well as the general public. This information sheet provides information on...
NSA-CISA-NCSC-FBI Joint Cybersecurity Advisory on Russian GRU Brute Force Campaign
The National Security Agency NSA, Cybersecurity and Infrastructure Security Agency CISA, Federal Bureau of Investigation FBI, and the UK’s National Cyber Security Centre NCSC have released Joint Cybersecurity Advisory CSA: Russian GRU Conducting Global Brute Force Campaign to Compromise Enterpris...
Microsoft Releases June 2021 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s June 2021 Security Update Summary and...
Joint CISA-FBI Cybersecurity Advisory on DarkSide Ransomware
CISA and the Federal Bureau of Investigation FBI have released a Joint Cybersecurity Advisory CSA on a ransomware-as-a-service RaaS variant—referred to as DarkSide—recently used in a ransomware attack against a critical infrastructure CI company. Cybercriminal groups use DarkSide to gain access t...
Google Releases Security Updates for Chrome
Google has released Chrome version 90.0.4430.85 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Thi...
Microsoft Releases Exchange On-premises Mitigation Tool
Microsoft has released the Exchange On-premises Mitigation Tool EOMT.ps1 that can automate portions of both the detection and patching process. Microsoft stated the following along with the release: "the tool is intended to help customers who do not have dedicated security or IT teams to apply...
Google Releases Security Updates for Chrome
Google has released Chrome version 88.0.4324.182 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release and apply the necessary updates. This...
FTC Reports Scammers Impersonating FTC
The Federal Trade Commission FTC has released information on scammers attempting to impersonate the FTC. The scammers operate an FTC-spoofed website that claims to provide instant cash payments and tries to trick consumers into disclosing their financial information. The real FTC does not require...
Active Exploitation of SolarWinds Software
The Cybersecurity and Infrastructure Security Agency CISA is aware of active exploitation of SolarWinds Orion Platform software versions 2019.4 HF 5 through 2020.2.1 HF 1, released between March 2020 and June 2020. CISA encourages affected organizations to read the SolarWinds and FireEye advisori...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Mozilla has released security updates to address a vulnerability in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review th...